
2007-12-07

ClamAV an open-source anti-virus toolkit

Clam AntiVirus (ClamAV) is an open-source anti-virus toolkit for UNIX, released under the GPL. It provides a number of utilities, including a flexible and scalable multi-threaded daemon, a command-line scanner and an advanced tool for automatic database updates. The core of the package is an anti-virus engine available in the form of a shared library.

ClamAV is included in both Fink and DarwinPorts, or can be downloaded directly from SourceForge.

Configuration

You have to edit the configuration files. See the manual pages for details:

man freshclam.conf
man clamd.conf

You have to edit both files. On a Fink install, you'll find them in /sw/etc/. For other setups, locate clam.conf should find them.

Programs

clamconf -n tells you what non-defaults are set in your configuration.
clamscan -r directory recursively scans a directory.
freshclam updates your virus definitions.

man clamconf
man clamdscan
man clamscan
man freshclam

I added the following line to /sw/etc/anacrontab

   1       25        clamscan         nice /sw/bin/freshclam --quiet

When you check your imported software (for a Fink installation, do this by running the command sudo clamscan -r /sw) you should find a few "infected" files. For example:
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
There are a few more examples in /sw/share/doc/clamav/test/. If you don't find these test cases, check your configuration.
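
One way to automate the check described above, as an added example that is not part of the original post: it reads clamscan output and separates the expected test-file hits from everything else. The function names, the sample report, the placeholder paths and the non-test signature name are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage "path: Signature FOUND" lines from a clamscan report.
# TEST_SIG is the test signature name shown in the output above; change it if
# your ClamAV version reports its test files under another name (assumption).
TEST_SIG='ClamAV-Test-File'

# Constructed sample report, not real scan output. The second and fourth
# paths and the non-test signature name are placeholders.
sample_report() {
cat <<'EOF'
/sw/src/clamav-0.91.2.tar.gz: ClamAV-Test-File FOUND
/sw/share/doc/clamav/test/EXAMPLE-TEST-FILE: ClamAV-Test-File FOUND
/sw/bin/ls: OK
/Users/me/Library/Caches/Java Applets/example.jar: Constructed.Sample.Sig FOUND
EOF
}

# Tag every detection line as TEST or REAL according to its signature name.
classify() {
    awk -v sig="$TEST_SIG" '/ FOUND$/ {
        line = $0
        sub(/ FOUND$/, "", line)        # drop the trailing status word
        n = split(line, part, ": ")     # signature follows the last ": "
        tag = (part[n] == sig) ? "TEST" : "REAL"
        print tag "\t" $0
    }'
}

# Read a report on stdin, print the real detections and a summary line.
# Return 2: no test file detected, so check the configuration (tested first).
# Return 1: test files detected, plus at least one other detection.
# Return 0: test files detected, nothing else found.
check_report() {
    tagged=$(classify)
    tests=$(printf '%s\n' "$tagged" | grep -c '^TEST' || true)
    real=$(printf '%s\n' "$tagged" | grep -c '^REAL' || true)
    printf '%s\n' "$tagged" | grep '^REAL' | cut -f2- || true
    echo "tests=$tests real=$real"
    [ "$tests" -gt 0 ] || return 2
    [ "$real" -eq 0 ] || return 1
    return 0
}

sample_report | check_report || echo "exit status: $?"
```

To use it on a real scan, pipe the output of sudo clamscan -r /sw into check_report instead of the sample report.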

The malware I have found is exclusively in spam mail and cached Java applets.

clamdscan ~/Library/Caches/Java\ Applets
clamdscan ~/Library/mail\ Downloads
You can remove offending files by hand, or use the --remove option when calling clamdscan.

2 comments:

larry mishkar said...

hi, can you help me uninstall clamscan from my Mac PowerBook G4? somehow, and I mean somehow, this app has invaded my laptop. even though i've deleted the pkg and app, it keeps coming back. it acts like a virus...

i'm not a computer science person, so this is beyond my understanding. the clamscan website is of no help to someone with my problem.

thank you very much.

lars

nate said...

to uninstall, follow the directions found in the FAQ of ClamXav's site
http://www.clamxav.com/index.php?page=FAQ#15